MD5: 094ecaad1b0f603a1ffc02366f551506
SHA1: b3af6c1be0569af5649ee55d0f16c47c26859ee5
SHA256: 1139a6a7dfac94f5350dcdae44d218872b56118faed2ed128b3471433954f6ac
SSDeep: 98304:71SCUlJurbOI gHDDV4twpmVKePTRcRoDGWHCWf7Hd0FLEIbhf:hkJurjDDWtq ryRsGWHzH2FgoR
Size: 6331856 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: PCUtilities Software Limited
Created at: 2015-03-17 16:38:27
Analyzed on: WindowsXP SP3 32-bit

Summary:

Malware. Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.

Payload

No specific payload has been found.

Process activity

The Application creates the following process(es):

optsetup.exe:1672
LiveSupport_setup.tmp:1244
LiveSupport.exe:2016
%original file name%.exe:456
optsetup.tmp:1952
rundll32.exe:1068
rundll32.exe:244
LiveSupport_setup.exe:424
regsvr32.exe:1096
regsvr32.exe:1148

The Application injects its code into the following process(es):

LiveSupport.exe:1016
OptProStart.exe:1200

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process optsetup.exe:1672 makes changes in the file system.
The Application creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-OFCQS.tmp\optsetup.tmp (7386 bytes)

The Application deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-OFCQS.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-OFCQS.tmp\optsetup.tmp (0 bytes)

The process LiveSupport_setup.tmp:1244 makes changes in the file system.
The Application creates and/or writes to the following file(s):

%Program Files%\LiveSupport\is-KRQL5.tmp (34256 bytes)
%Program Files%\LiveSupport\unins000.msg (646 bytes)
%Program Files%\LiveSupport\is-495FH.tmp (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-8QFJR.tmp\_isetup\_shfoldr.dll (23 bytes)
%Program Files%\LiveSupport\unins000.dat (8096 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\LiveSupport\LiveSupport.lnk (1 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\LiveSupport\Uninstall LiveSupport.lnk (751 bytes)
%Documents and Settings%\%current user%\Desktop\LiveSupport.lnk (1 bytes)
%Program Files%\LiveSupport\is-JI8C1.tmp (7385 bytes)
%Program Files%\LiveSupport\is-9MPNB.tmp (1281 bytes)

The Application deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-8QFJR.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-8QFJR.tmp\_isetup\_shfoldr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-8QFJR.tmp\_isetup (0 bytes)

The process LiveSupport.exe:1016 makes changes in the file system.
The Application creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\adsology[1].htm (3 bytes)
%Documents and Settings%\%current user%\Application Data\LiveSupport.exe_log.txt (1237 bytes)

The process LiveSupport.exe:2016 makes changes in the file system.
The Application creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\LiveSupport_setup.exe (134522 bytes)

The process %original file name%.exe:456 makes changes in the file system.
The Application creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\optsetup.exe (779886 bytes)
%Documents and Settings%\%current user%\NTUSER.DAT.LOG (4496 bytes)
%Documents and Settings%\%current user%\NTUSER.DAT (4612 bytes)

The process optsetup.tmp:1952 makes changes in the file system.
The Application creates and/or writes to the following file(s):

%Program Files%\Optimizer Pro 3.64\is-OPOMD.tmp (2321 bytes)
%Program Files%\Optimizer Pro 3.64\is-HBCKN.tmp (898 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-4P4AB.tmp (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-4P4AB.tmp\optpro2.bmp (673 bytes)
%Program Files%\Optimizer Pro 3.64\is-ASKFG.tmp (673 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Optimizer Pro v3.2\Uninstall Optimizer Pro.lnk (792 bytes)
%Program Files%\Optimizer Pro 3.64\is-MCD97.tmp (6841 bytes)
%Program Files%\Optimizer Pro 3.64\is-BD7PH.tmp (54 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-4P4AB.tmp\OptProHelper.dll (7971 bytes)
%Program Files%\Optimizer Pro 3.64\OptProMon.dll (134720 bytes)
%Program Files%\Optimizer Pro 3.64\is-UARNJ.tmp (712 bytes)
%Program Files%\Optimizer Pro 3.64\unins000.msg (646 bytes)
%Program Files%\Optimizer Pro 3.64\is-3TM9M.tmp (32054 bytes)
%Program Files%\Optimizer Pro 3.64\is-S055N.tmp (48 bytes)
%Program Files%\Optimizer Pro 3.64\is-JP7KI.tmp (2321 bytes)
%Program Files%\Optimizer Pro 3.64\is-7AN6K.tmp (25426 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Optimizer Pro v3.2\Help.lnk (786 bytes)
%Program Files%\Optimizer Pro 3.64\is-6D8E0.tmp (601 bytes)
%Program Files%\Optimizer Pro 3.64\is-F05ST.tmp (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-4P4AB.tmp\LiveSupport.exe (11493 bytes)
%Documents and Settings%\%current user%\Desktop\Optimizer Pro.lnk (774 bytes)
%Program Files%\Optimizer Pro 3.64\is-5H5HI.tmp (1281 bytes)
%Program Files%\Optimizer Pro 3.64\is-OTMS2.tmp (7971 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-4P4AB.tmp\OptProMon.dll (15506 bytes)
%Program Files%\Optimizer Pro 3.64\is-3L76Q.tmp (56 bytes)
%Program Files%\Optimizer Pro 3.64\is-13O54.tmp (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-4P4AB.tmp\_isetup\_shfoldr.dll (23 bytes)
%Program Files%\Optimizer Pro 3.64\is-UR8JF.tmp (3073 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro on the Web.lnk (766 bytes)
%Program Files%\Optimizer Pro 3.64\is-A36OH.tmp (4545 bytes)
%Program Files%\Optimizer Pro 3.64\is-337Q7.tmp (20 bytes)
%Program Files%\Optimizer Pro 3.64\unins000.dat (28681 bytes)
%Program Files%\Optimizer Pro 3.64\is-RPM1T.tmp (65 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro.lnk (786 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-4P4AB.tmp\itdownload.dll (1281 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Optimizer Pro v3.2\Check updates.lnk (814 bytes)
%Program Files%\Optimizer Pro 3.64\is-GRJO9.tmp (6841 bytes)
%Program Files%\Optimizer Pro 3.64\is-28A1F.tmp (3361 bytes)

The Application deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-4P4AB.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-4P4AB.tmp\OptProHelper.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-4P4AB.tmp\LiveSupport.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-4P4AB.tmp\optpro2.bmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-4P4AB.tmp\OptProMon.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-4P4AB.tmp\itdownload.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-4P4AB.tmp\_isetup\_shfoldr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-4P4AB.tmp\_isetup (0 bytes)

The process LiveSupport_setup.exe:424 makes changes in the file system.
The Application creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-DNAB4.tmp\LiveSupport_setup.tmp (7386 bytes)

The Application deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-DNAB4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-DNAB4.tmp\LiveSupport_setup.tmp (0 bytes)

The process regsvr32.exe:1148 makes changes in the file system.
The Application creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\regsvr32.exe_log.txt (133 bytes)

Registry activity

The process optsetup.exe:1672 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "78 FE 00 A6 B8 04 4C 47 D9 70 F6 18 4A BF BA 1F"

The process LiveSupport_setup.tmp:1244 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"Inno Setup: Language" = "en"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"regsvr32.exe" = "Microsoft(C) Register Server"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"MajorVersion" = "1"

[HKCU\Software\LiveSupport]
"AdsDownloadUrl1" = "http://dl.softservers.net/121001356/DriverPro.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"DisplayVersion" = "1.2.8.0"

[HKCU\Software\LiveSupport]
"SupportURL" = "http://support.pcutilitiespro.com"
"AdsLandingPageLink2" = "http://www.pcutilitiespro.com/optimizerpro.php"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\LiveSupport]
"AdsLandingPageLink1" = "http://www.pcutilitiespro.com/driverpro.php"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"Inno Setup: Selected Tasks" = "desktopicon"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"NoModify" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\LiveSupport]
"AdsDescription1" = "Driver Updater"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\LiveSupport]
"AdsDescription2" = "System Performance Optimizer"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\LiveSupport]
"LiveSupport.exe" = "LiveSupport"

[HKCU\Software\LiveSupport]
"DelayedStart" = "0"
"homepageurl" = "http://www.pcutilitiespro.com/livesupport.php"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"DisplayName" = "LiveSupport"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"QuietUninstallString" = "%Program Files%\LiveSupport\unins000.exe /SILENT"
"Inno Setup: App Path" = "%Program Files%\LiveSupport"
"MinorVersion" = "2"

[HKCU\Software\LiveSupport]
"CallbannerUrl" = "http://ls.callbanner.pcutilitiespro.com/?sid=171001356"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\LiveSupport]
"Query" = "http://bi.secure-download.net/t/ls?sid=171001356-UA-035&dt=%dt%&gid=%gid%&tz=%tz%&ln=%ln%&os=%os%&bis=%bis%&bipc=%bipc%&lc1=%lc1%&lc2=%lc2%&lc3=%lc3%&f=2182739400"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"DisplayIcon" = "%Program Files%\LiveSupport\LiveSupport.exe,0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKCU\Software\LiveSupport]
"AdsDownloadUrl2" = "http://dl.softservers.net/191001356/OptmizerPro.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"Inno Setup: Deselected Tasks" = ""

[HKCU\Software\LiveSupport]
"PhoneNumber" = " 1-855-544-6024"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKCU\Software\LiveSupport]
"AdsCheckName2" = "Optimizer Pro"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E4 83 2B C0 71 BA 7E 5D F0 52 4C 21 67 08 E4 73"

[HKCU\Software\LiveSupport]
"UninstallURL" = "http://www.pcutilitiespro.com/uninstall-livesupport.php?sid=171001356-UA-035"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCU\Software\LiveSupport]
"AdsCheckName1" = "Driver Pro"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"InstallLocation" = "%Program Files%\LiveSupport\"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"Inno Setup: Setup Version" = "5.5.3 (u)"
"Inno Setup: Icon Group" = "LiveSupport"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"UninstallString" = "%Program Files%\LiveSupport\unins000.exe"
"Inno Setup: User" = "%CurrentUserName%"
"Publisher" = "PC Utilities Software Limited"

[HKCU\Software\LiveSupport]
"AdsLicenseKey2" = "LicenseDate"
"AdsLicenseKey1" = "User"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1]
"NoRepair" = "1"
"InstallDate" = "20150401"

The Application modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Application modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Application modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The process LiveSupport.exe:1016 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKCU\Software\LiveSupport]
"ShowTitleBarBtn" = "1"
"Assistant" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\LiveSupport]
"BtnCallPressed" = "0"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\LiveSupport]
"AppStart" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\LiveSupport]
"Language" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\LiveSupport]
"OS" = "102"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\LiveSupport]
"RunOnOSRun" = "1"
"QueryDate" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\LiveSupport]
"SHOWTRAY" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\LiveSupport]
"FixHoverIconToTray" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "32 E9 07 D8 00 26 F9 A4 31 BA 6F 2A 54 80 88 92"

[HKCU\Software\LiveSupport]
"InstallDate" = "1427901150"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\LiveSupport]
"MachineGuid" = "639f6419-941a-4f0f-ac3b-3570cd479d40"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Application modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Application modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

To automatically run itself each time Windows is booted, the Application adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"LiveSupport" = "%Program Files%\LiveSupport\LiveSupport.exe /noshow /log"

The Application modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Application deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process LiveSupport.exe:2016 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7D 45 FF FA 91 15 50 2A 6F 9A F0 DB 12 68 DC 42"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"LiveSupport_setup.exe" = "LiveSupport Setup"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The Application modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

The Application modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The Application modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The process %original file name%.exe:456 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "22 9A FB 47 C7 FC 84 CC 61 18 B9 13 D5 4D 6B 5B"

[HKCU\Software\Optimizer Pro]
"setupname" = "c:\%original file name%.exe"

The process optsetup.tmp:1952 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"414bc593" = "///%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be]
"uuid" = "3653348966"
"LRTS" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be]
"State" = "0"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"fe94ce1e" = "V/////%%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930]
"Mode" = "4026531840"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"1520c6f1" = "V/////%%"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930]
"usr.1" = "gvYmlYhabcdefABCDW"
"usr.0" = "7/AzvySUMOQIKEG xz"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"d1abcdb6" = "///%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1146AC44-2F03-4431-B4FD-889BC837521F}{f93004be}]
"Cache" = "300849991353088886"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"2e22d94e" = "///%"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930]
"uuid" = "3653348966"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"2d71d5ab" = "V/////%%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"e8f9dcc7" = "UlAr/XJ/c//k////"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"060df2cd" = "alAl/YP/b/Af/X6/UxAp/X2/GxAk////"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Optimizer Pro 3.64]
"OptProStart.exe" = "Optimizer Pro Launcher"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"8b9e4cbc" = "V/////%%"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"587b5709" = "V/////%%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\00000000]
"370856c7" = "nU1U07x0m01M06E0ql1M06E0iU1N06t0ml0S06h0nl1A06E0, nU1U07x0m01M06E0mU1P0780pl1D06I0pU0S06h0nl1A06E0, nU1U07x0m01M06E0ix1O06h0n01D07x0jx0S06h0nl1A06E0, nU1U07x0m01M06E0mU1P0780pl0S06h0nl1A06E0"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be]
"date" = "1427893915"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"Inno Setup: Selected Tasks" = "runoptpro,runoptprodaily,desktopicon"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"0dc3ee96" = "/P////%%"

[HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}]
"n" = "1"

[HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}]
"n" = "1"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"65114b36" = "VP/ ////"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"51d2f2ea" = "IlAl/YP/HPAi/Xt/dxAu/YZ/J/Af/X6/Z/AM/X6/axAp/YP/alAf/Xt/axAr/B//VP/j/Cx/V//j/CZ/V//h/CD////%"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"2d71d5ab" = "V/////%%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"a1dcff5b" = "V/////%%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"c24899a6" = "VP/g/CV/Vl/1/CF////%"

[HKCU\Software\Optimizer Pro]
"s_SmartScan" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"48bd1aff" = "VP/l/C//N//l////"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930]
"date" = "1427893915"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"65114b36" = "VP/ ////"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"Publisher" = "PCUtilities Software Limited"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"a1dcff5b" = "V/////%%"
"f2c53c49" = "UlAr/XJ/c//k////"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"c5705860" = "Vx////%%"
"d1abcdb6" = "///%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"38583bc3" = "Ml/2/CF/M//g/CZ////%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\00000000]
"a47da861" = "o01O07x0m00K02E0aU1T0700i01P06I0ox1S07b0i01e06U0n01U0780nU0S06I0px1O02E0ix1S06h0nl1N07x0qx1Y06U0aU0%, o01O07x0m00K02E0aU1T0700i01P06I0ox1S07b0i01e06U0n01U0780nU0S06h0nl1A06E0aU1P06I0ox1S07b0i01e06U0n00T00%%, o01O07x0m00K02E0aU1T0700i01U0780nU1M06t0nx1T07q0qx1Y02I0ox1S06q0nU0T07t0nl1D06I0mU1O0640n01Y02E0, o01O07x0m00K02E0aU1T0700i01U0780nU1M06t0nx1T07q0qx1Y02I0qU1T06O0aU1P06I0ox1S07b0i01e06U0n00T00%%, o01O07x0m00K02E0aU1T0700i01D06O0ox1K06t0ml1P06I0ox1S07b0i01e06U0n00S06h0nl1A06E0aU1P06I0ox1S07b0i01e06U0n00T00%%, o01O07x0m00K02E0aU1T0700i01D06O0ox1K06t0ml1P06I0ox1S07b0i01e06U0n00S06b0nU1Z02E0ix1S06h0nl1N07x0qx1Y06U0aU0%"
"3efeb33e" = "nU1U07x0m01M06E0ql1M06E0iU1N06t0ml0S06h0nl1A06E0, nU1U07x0m01M06E0mU1P0780pl1D06I0pU0S06h0nl1A06E0, nU1U07x0m01M06E0ix1O06h0n01D07x0jx0S06h0nl1A06E0, nU1U07x0m01M06E0mU1P0780pl0S06h0nl1A06E0"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"72758a5d" = "///%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be]
"Mode" = "4026531840"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"0e93c3f3" = "///%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"f1f24e29" = "Vl/l/C/////%"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"51d2f2ea" = "IlAl/YP/HPAi/Xt/dxAu/YZ/J/Af/X6/Z/AM/X6/axAp/YP/alAf/Xt/axAr/B//VP/j/Cx/V//j/CZ/V//h/CD////%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"c99a5f5c" = "///%"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"NoRepair" = "1"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"060df2cd" = "alAl/YP/b/Af/X6/UxAp/X2/GxAk////"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"1520c6f1" = "V/////%%"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"8b9e4cbc" = "V/////%%"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"f1f24e29" = "Vl/l/C/////%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"37b7a6d8" = "UlAr/XJ/c//k////"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"URLUpdateInfo" = "http://www.pcutilitiespro.com"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"c24899a6" = "VP/g/CV/Vl/1/CF////%"

[HKCU\Software\Optimizer Pro]
"Language" = "1"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"c99a5f5c" = "///%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_806ab0c8\eae10f9d]
"340d3099" = "///%"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"a0743acc" = "N/////%%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"e8f9dcc7" = "UlAr/XJ/c//k////"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"a1dcff5b" = "V/////%%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_806ab0c8\eae10f9d]
"dbaf3ce3" = "/P////%%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be]
"data.0" = "kmiVPunl 6 1iBabcdj5TdK6FugOzEToj0CQDelG9Px30vrWmdk/2bKsrhAEfetAUN/vOLaHzgpi19e73gYvwQdqo"
"data.1" = "T88upA36j1yb545678Nug8OQN13OqSdlLNbpAhyWRpWgNCmwkaK0GhmtJbpjuvmVHXE0hNDCXYGrDXVMVWCHWfn5lP0KP6iyX/IjnK9koKVFAWw3yxGsPd/FsD0i1xZT3Z2bEW8InLSTl5 ij24e2tBCYC"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"f0bf0bde" = "///%"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\00000000]
"370856c7" = "nU1U07x0m01M06E0ql1M06E0iU1N06t0ml0S06h0nl1A06E0, nU1U07x0m01M06E0mU1P0780pl1D06I0pU0S06h0nl1A06E0, nU1U07x0m01M06E0ix1O06h0n01D07x0jx0S06h0nl1A06E0, nU1U07x0m01M06E0mU1P0780pl0S06h0nl1A06E0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"NoModify" = "1"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"340d3099" = "/P////%%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"f6ad6fa6" = "VP/l/C//V/////%%"
"a2e3b941" = "///%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"InstallDate" = "20150401"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930]
"appid.0" = "DT ACFa4veO8xefABCLrDVpmeIyjWr uG3cw"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be]
"LRTS" = "0"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"e46c271e" = "///%"
"27ddcf6f" = "///%"
"72758a5d" = "///%"
"6185d035" = "VP/h/CP/V//l////"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\00000000]
"370856c7" = "nU1U07x0m01M06E0ql1M06E0iU1N06t0ml0S06h0nl1A06E0, nU1U07x0m01M06E0mU1P0780pl1D06I0pU0S06h0nl1A06E0, nU1U07x0m01M06E0ix1O06h0n01D07x0jx0S06h0nl1A06E0, nU1U07x0m01M06E0mU1P0780pl0S06h0nl1A06E0"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "39 24 CB EC 95 D0 6E 17 02 F8 65 F6 B7 CB 03 37"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\00000000]
"493c7345" = ""

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"e46c271e" = "///%"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"0e93c3f3" = "///%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\00000000]
"493c7345" = ""

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"587b5709" = "V/////%%"

[HKCU\Software\Optimizer Pro]
"SessionID" = "7A79F331-BE0D-4286-8AFB-56663794E69A"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"38583bc3" = "Ml/2/CF/M//g/CZ////%"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be]
"Mode" = "4026531840"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"f0bf0bde" = "///%"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"72758a5d" = "///%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"Inno Setup: Language" = "en"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"414bc593" = "///%"
"0dc3ee96" = "/P////%%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"c99a5f5c" = "///%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be]
"dlpath" = "c:\progra~1\optimi~1.64\optpro~2.dll"
"iiid" = "1"
"uuid" = "3653348966"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"0c230bcb" = "///%"
"bbf88800" = "///%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"URLInfoAbout" = "http://www.pcutilitiespro.com"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"f2c53c49" = "UlAr/XJ/c//k////"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"37b7a6d8" = "UlAr/XJ/c//k////"
"0c230bcb" = "///%"

[HKCU\Software\Optimizer Pro]
"cufValue" = "CUF=0"
"culValue" = ""

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"6185d035" = "VP/h/CP/V//l////"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"7367429f" = "///%"
"c5705860" = "Vx////%%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"3c09c42b" = "///%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be]
"data.1" = "T88upA36j1yb545678Nug8OQN13OqSdlLNbpAhyWRpWgNCmwkaK0GhmtJbpjuvmVHXE0hNDCXYGrDXVMVWCHWfn5lP0KP6iyX/IjnK9koKVFAWw3yxGsPd/FsD0i1xZT3Z2bEW8InLSTl5 ij24e2tBCYC"
"data.0" = "kmiVPunl 6 1iBabcdj5TdK6FugOzEToj0CQDelG9Px30vrWmdk/2bKsrhAEfetAUN/vOLaHzgpi19e73gYvwQdqo"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930]
"svn" = "Optimizer Pro Crash Monitor"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"48bd1aff" = "VP/l/C//N//l////"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\00000000]
"a47da861" = "o01O07x0m00K02E0aU1T0700i01P06I0ox1S07b0i01e06U0n01U0780nU0S06I0px1O02E0ix1S06h0nl1N07x0qx1Y06U0aU0%, o01O07x0m00K02E0aU1T0700i01P06I0ox1S07b0i01e06U0n01U0780nU0S06h0nl1A06E0aU1P06I0ox1S07b0i01e06U0n00T00%%, o01O07x0m00K02E0aU1T0700i01U0780nU1M06t0nx1T07q0qx1Y02I0ox1S06q0nU0T07t0nl1D06I0mU1O0640n01Y02E0, o01O07x0m00K02E0aU1T0700i01U0780nU1M06t0nx1T07q0qx1Y02I0qU1T06O0aU1P06I0ox1S07b0i01e06U0n00T00%%, o01O07x0m00K02E0aU1T0700i01D06O0ox1K06t0ml1P06I0ox1S07b0i01e06U0n00S06h0nl1A06E0aU1P06I0ox1S07b0i01e06U0n00T00%%, o01O07x0m00K02E0aU1T0700i01D06O0ox1K06t0ml1P06I0ox1S07b0i01e06U0n00S06b0nU1Z02E0ix1S06h0nl1N07x0qx1Y06U0aU0%"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930]
"svi" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"DisplayVersion" = "3.3.1.7"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930]
"svt" = "1427901099"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"3c09c42b" = "///%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"Inno Setup: Setup Version" = "5.5.3 (u)"
"DisplayName" = "Optimizer Pro v3.2"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\is-4P4AB.tmp]
"LiveSupport.exe" = "LiveSupport Installer"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"MinorVersion" = "3"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930]
"svx" = ""

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be]
"usr.1" = "gvYmlYhabcdefABCDW"
"usr.0" = "7/AzvySUMOQIKEG xz"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930]
"State" = "0"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"7367429f" = "///%"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be]
"iiid" = "1"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930]
"iiid" = "1"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"587b5709" = "V/////%%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"e46c271e" = "///%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"1c311243" = "alAl/YP/b/Af/X6/clAu/XZ/UxAp/X2/GxAk////"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"1c311243" = "alAl/YP/b/Af/X6/clAu/XZ/UxAp/X2/GxAk////"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"0dc3ee96" = "/P////%%"

[HKCU\Software\Optimizer Pro]
"Ir" = "1"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"2d71d5ab" = "V/////%%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930]
"data.0" = "kmiVPunl 6 1iBabcdj5TdK6FugOzEToj0CQDelG9Px30vrWmdk/2bKsrhAEfetAUN/vOLaHzgpi19e73gYvwQdqo"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be]
"svpath" = "c:\Program Files\Optimizer Pro 3.64\OptProMon.dll"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"27ddcf6f" = "///%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be]
"date" = "1427893915"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"f0bf0bde" = "///%"
"bbf88800" = "///%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"51d2f2ea" = "IlAl/YP/HPAi/Xt/dxAu/YZ/J/Af/X6/Z/AM/X6/axAp/YP/alAf/Xt/axAr/B//VP/j/Cx/V//j/CZ/V//h/CD////%"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930]
"data.1" = "T88upA36j1yb545678Nug8OQN13OqSdlLNbpAhyWRpWgNCmwkaK0GhmtJbpjuvmVHXE0hNDCXYGrDXVMVWCHWfn5lP0KP6iyX/IjnK9koKVFAWw3yxGsPd/FsD0i1xZT3Z2bEW8InLSTl5 ij24e2tBCYC"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"Inno Setup: User" = "%CurrentUserName%"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930]
"Version" = "22022137"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"0e93c3f3" = "///%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"340d3099" = "/P////%%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"65114b36" = "VP/ ////"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\00000000]
"3efeb33e" = "nU1U07x0m01M06E0ql1M06E0iU1N06t0ml0S06h0nl1A06E0, nU1U07x0m01M06E0mU1P0780pl1D06I0pU0S06h0nl1A06E0, nU1U07x0m01M06E0ix1O06h0n01D07x0jx0S06h0nl1A06E0, nU1U07x0m01M06E0mU1P0780pl0S06h0nl1A06E0"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"37b7a6d8" = "UlAr/XJ/c//k////"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"a2e3b941" = "///%"
"d94388d2" = "alAl/YP/b/Af/X6/clAu/XZ/UxAp/X2/GxAk////"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"HelpLink" = "http://www.pcutilitiespro.com"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"414bc593" = "///%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"1c311243" = "alAl/YP/b/Af/X6/clAu/XZ/UxAp/X2/GxAk////"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930]
"LRTS" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"Inno Setup: App Path" = "%Program Files%\Optimizer Pro 3.64"
"MajorVersion" = "3"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be]
"Version" = "22022137"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"8b9e4cbc" = "V/////%%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"c24899a6" = "VP/g/CV/Vl/1/CF////%"
"1520c6f1" = "V/////%%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"QuietUninstallString" = "%Program Files%\Optimizer Pro 3.64\unins000.exe /SILENT"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"bbf88800" = "///%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"a0743acc" = "N/////%%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"0c230bcb" = "///%"
"fe94ce1e" = "V/////%%"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\00000000]
"493c7345" = ""

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"48bd1aff" = "VP/l/C//N//l////"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"f6ad6fa6" = "VP/l/C//V/////%%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"c5705860" = "Vx////%%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\00000000]
"a47da861" = "o01O07x0m00K02E0aU1T0700i01P06I0ox1S07b0i01e06U0n01U0780nU0S06I0px1O02E0ix1S06h0nl1N07x0qx1Y06U0aU0%, o01O07x0m00K02E0aU1T0700i01P06I0ox1S07b0i01e06U0n01U0780nU0S06h0nl1A06E0aU1P06I0ox1S07b0i01e06U0n00T00%%, o01O07x0m00K02E0aU1T0700i01U0780nU1M06t0nx1T07q0qx1Y02I0ox1S06q0nU0T07t0nl1D06I0mU1O0640n01Y02E0, o01O07x0m00K02E0aU1T0700i01U0780nU1M06t0nx1T07q0qx1Y02I0qU1T06O0aU1P06I0ox1S07b0i01e06U0n00T00%%, o01O07x0m00K02E0aU1T0700i01D06O0ox1K06t0ml1P06I0ox1S07b0i01e06U0n00S06h0nl1A06E0aU1P06I0ox1S07b0i01e06U0n00T00%%, o01O07x0m00K02E0aU1T0700i01D06O0ox1K06t0ml1P06I0ox1S07b0i01e06U0n00S06b0nU1Z02E0ix1S06h0nl1N07x0qx1Y06U0aU0%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"Inno Setup: Icon Group" = "Optimizer Pro v3.2"
"DisplayIcon" = "%Program Files%\Optimizer Pro 3.64\OptProLauncher.exe"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"d94388d2" = "alAl/YP/b/Af/X6/clAu/XZ/UxAp/X2/GxAk////"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be]
"svn" = "Optimizer Pro Crash Monitor"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"2e22d94e" = "///%"
"7f69fa1f" = "///%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"c6c5dd44" = "V/////%%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be]
"appid.0" = "DT ACFa4veO8xefABCLrDVpmeIyjWr uG3cw"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"3c09c42b" = "///%"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"38583bc3" = "Ml/2/CF/M//g/CZ////%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be]
"svi" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"Inno Setup: Deselected Tasks" = ""

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"e8f9dcc7" = "UlAr/XJ/c//k////"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"7f69fa1f" = "///%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"c6c5dd44" = "V/////%%"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"7f69fa1f" = "///%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"dbaf3ce3" = "/P////%%"
"2e22d94e" = "///%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be]
"svx" = ""

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"27ddcf6f" = "///%"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\00000000]
"3efeb33e" = "nU1U07x0m01M06E0ql1M06E0iU1N06t0ml0S06h0nl1A06E0, nU1U07x0m01M06E0mU1P0780pl1D06I0pU0S06h0nl1A06E0, nU1U07x0m01M06E0ix1O06h0n01D07x0jx0S06h0nl1A06E0, nU1U07x0m01M06E0mU1P0780pl0S06h0nl1A06E0"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be]
"svt" = "1427901099"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}]
"f93004be" = "%Program Files%\Optimizer Pro 3.64\OptProMon.dll"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"c6c5dd44" = "V/////%%"
"fe94ce1e" = "V/////%%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"340d3099" = "/P////%%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"060df2cd" = "alAl/YP/b/Af/X6/UxAp/X2/GxAk////"
"7367429f" = "///%"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs" = "1"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"f1f24e29" = "Vl/l/C/////%"
"d1abcdb6" = "///%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be]
"usr.0" = "7/AzvySUMOQIKEG xz"
"usr.1" = "gvYmlYhabcdefABCDW"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
"UninstallString" = "%Program Files%\Optimizer Pro 3.64\unins000.exe"
"InstallLocation" = "%Program Files%\Optimizer Pro 3.64\"

[HKCU\Software\Optimizer Pro]
"CBM" = "1"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"a0743acc" = "N/////%%"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"6185d035" = "VP/h/CP/V//l////"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"a2e3b941" = "///%"

[HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"d94388d2" = "alAl/YP/b/Af/X6/clAu/XZ/UxAp/X2/GxAk////"

[HKLM\SOFTWARE\e5f1f541-cda7-09cd-83cb-a28a05c4e59a\74313795753567930\eae10f9d]
"f6ad6fa6" = "VP/l/C//V/////%%"

[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"f2c53c49" = "UlAr/XJ/c//k////"

The Application modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

To automatically run itself each time Windows is booted, the Application adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Optimizer Pro" = "%Program Files%\Optimizer Pro 3.64\OptProLauncher.exe"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Application modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Application modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Application deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process rundll32.exe:1068 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CB F5 4A 82 D1 21 20 0A 24 84 16 5B A1 E2 83 94"

The process rundll32.exe:244 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"3c09c42b" = "///%"
"38583bc3" = "Ml/2/CF/M//g/CZ////%"
"c99a5f5c" = "///%"
"7367429f" = "///%"
"0e93c3f3" = "///%"

[HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\00000000]
"a47da861" = "o01O07x0m00K02E0aU1T0700i01P06I0ox1S07b0i01e06U0n01U0780nU0S06I0px1O02E0ix1S06h0nl1N07x0qx1Y06U0aU0%, o01O07x0m00K02E0aU1T0700i01P06I0ox1S07b0i01e06U0n01U0780nU0S06h0nl1A06E0aU1P06I0ox1S07b0i01e06U0n00T00%%, o01O07x0m00K02E0aU1T0700i01U0780nU1M06t0nx1T07q0qx1Y02I0ox1S06q0nU0T07t0nl1D06I0mU1O0640n01Y02E0, o01O07x0m00K02E0aU1T0700i01U0780nU1M06t0nx1T07q0qx1Y02I0qU1T06O0aU1P06I0ox1S07b0i01e06U0n00T00%%, o01O07x0m00K02E0aU1T0700i01D06O0ox1K06t0ml1P06I0ox1S07b0i01e06U0n00S06h0nl1A06E0aU1P06I0ox1S07b0i01e06U0n00T00%%, o01O07x0m00K02E0aU1T0700i01D06O0ox1K06t0ml1P06I0ox1S07b0i01e06U0n00S06b0nU1Z02E0ix1S06h0nl1N07x0qx1Y06U0aU0%"

[HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"48bd1aff" = "VP/l/C//N//l////"
"bbf88800" = "///%"
"c6c5dd44" = "V/////%%"
"587b5709" = "V/////%%"
"0c230bcb" = "///%"

[HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be]
"iiid" = "1"

[HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"7f69fa1f" = "///%"
"f0bf0bde" = "///%"
"060df2cd" = "alAl/YP/b/Af/X6/UxAp/X2/GxAk////"
"f6ad6fa6" = "VP/l/C//V/////%%"
"8b9e4cbc" = "V/////%%"
"a1dcff5b" = "V/////%%"
"1520c6f1" = "V/////%%"
"72758a5d" = "///%"
"c5705860" = "Vx////%%"
"f2c53c49" = "UlAr/XJ/c//k////"
"65114b36" = "VP/ ////"
"f1f24e29" = "Vl/l/C/////%"

[HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\00000000]
"493c7345" = ""

[HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"a2e3b941" = "///%"
"e8f9dcc7" = "UlAr/XJ/c//k////"
"37b7a6d8" = "UlAr/XJ/c//k////"

[HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\00000000]
"3efeb33e" = "nU1U07x0m01M06E0ql1M06E0iU1N06t0ml0S06h0nl1A06E0, nU1U07x0m01M06E0mU1P0780pl1D06I0pU0S06h0nl1A06E0, nU1U07x0m01M06E0ix1O06h0n01D07x0jx0S06h0nl1A06E0, nU1U07x0m01M06E0mU1P0780pl0S06h0nl1A06E0"

[HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"fe94ce1e" = "V/////%%"
"d1abcdb6" = "///%"

[HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\00000000]
"370856c7" = "nU1U07x0m01M06E0ql1M06E0iU1N06t0ml0S06h0nl1A06E0, nU1U07x0m01M06E0mU1P0780pl1D06I0pU0S06h0nl1A06E0, nU1U07x0m01M06E0ix1O06h0n01D07x0jx0S06h0nl1A06E0, nU1U07x0m01M06E0mU1P0780pl0S06h0nl1A06E0"

[HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"27ddcf6f" = "///%"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8A 3C 6D F6 A8 DA 1A 7F CE DE D1 97 3C 97 5E C7"

[HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\_f93004be\eae10f9d]
"e46c271e" = "///%"
"6185d035" = "VP/h/CP/V//l////"
"d94388d2" = "alAl/YP/b/Af/X6/clAu/XZ/UxAp/X2/GxAk////"
"414bc593" = "///%"
"a0743acc" = "N/////%%"
"0dc3ee96" = "/P////%%"
"2d71d5ab" = "V/////%%"
"2e22d94e" = "///%"
"1c311243" = "alAl/YP/b/Af/X6/clAu/XZ/UxAp/X2/GxAk////"
"340d3099" = "/P////%%"
"c24899a6" = "VP/g/CV/Vl/1/CF////%"
"51d2f2ea" = "IlAl/YP/HPAi/Xt/dxAu/YZ/J/Af/X6/Z/AM/X6/axAp/YP/alAf/Xt/axAr/B//VP/j/Cx/V//j/CZ/V//h/CD////%"

The process OptProStart.exe:1200 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKCU\Software\Optimizer Pro]
"homepageurl" = "http://www.pcutilitiespro.com/"
"BuyNowURL" = "http://gen.securedshopgate.com/?t=01&b=11&tid=111001356-US-042_680D0313-C42D-479D-9D65-8F97560BD7EB"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKCU\Software\Optimizer Pro]
"UseAds" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKCU\Software\Optimizer Pro]
"ShowEUA" = "1"
"AdsDownloadURL" = "http://dl.repairlabshost.com/121001356/DriverPro.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Optimizer Pro]
"AppStart" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Optimizer Pro]
"UninstallURL" = "https://safecart.com/pcutilitiespro/.op-special/purchase?sid=111001356-US-042"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Optimizer Pro]
"DelayedStart" = "5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Optimizer Pro]
"WelcomeURL" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Optimizer Pro]
"SupportURL" = "http://support.pcutilitiespro.com/"

"ScanAtStartup" = "0"
"Querry" = "http://bi.secure-download.net/t/op?sid=111001356-US-042&dt=%dt%&gid=%GID%&tz=%tz%&ln=%ln%&lc=%lc%&bis=%bis%&bief=%bief%&biefx=%biefx%&bif=%bif%&os=%os%&f=2119242855"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Optimizer Pro]
"AdsBuyNowURL" = "http://www.safeshopgate.com/r?s=121001356&g=680D0313-C42D-479D-9D65-8F97560BD7EB"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "82 A3 6A 6E 67 C3 FB AF B7 40 CC F5 D4 54 47 02"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Optimizer Pro]
"InstallDate" = "CA 5E 7A 44 F8 8D E4 40"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Optimizer Pro]
"AdsHost" = "dl.repairlabshost.com"
"OS" = "102"
"MachineGuid" = "680D0313-C42D-479D-9D65-8F97560BD7EB"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Application deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process LiveSupport_setup.exe:424 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "95 16 F7 64 1D 4B 2D A8 37 4E D4 20 F0 70 32 78"

The process regsvr32.exe:1096 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4F C5 58 D4 F1 B2 EB 72 21 54 C2 F8 E8 C8 11 51"

The process regsvr32.exe:1148 makes changes in the system registry.
The Application creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1C 43 FC 85 FB A1 69 9D 3E CD 84 26 A5 CD A7 BD"

[HKCR\CLSID\{EBFCF40E-A87B-463F-A782-55BDD4160B5E}]
"(Default)" = "LiveSupport"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCR\CLSID\{EBFCF40E-A87B-463F-A782-55BDD4160B5E}\InprocServer32]
"ThreadingModel" = "Apartment"
"(Default)" = "%Program Files%\LiveSupport\LiveSupport_deskband_x32.dll"

Dropped PE files

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: PCUtilities Software Limited
Product Name: Optimizer Pro v3.2
Product Version: 3.3.1.7
Legal Copyright: PCUtilities Software Limited
Legal Trademarks:
Original Filename: OptimizerPRO
Internal Name: OptimizerPRO
File Version: 3.3.1.7
File Description:
Comments:
Language: English

PE Sections

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL	IP
hxxp://optpro.info/install/	54.213.128.72
hxxp://turner.map.fastly.net/
hxxp://optpro.info/get/?q=P1oexG/Z0B3A+0y89/0svH9y8f7wFeYC7BNPxdHYrpGfkStaq5mXIUn6TaTbBWwH5DRpna1zpVdIqfDyC3HhYen3rL/kFL4xTOlPj0+nvdSVOWWV7iJVOBzqI1yMrq4iwj5QQFEbgTCX6NU4JiVhpTJg3/CGYm8VPBfEBUYrLKDZzw2Wm1XCVXyGdQlAh6b6zQLlmQCTsKxrUwvudm+cYCCJwi1s4YYCIUv+CfQEu25GqhFWIICKLm7AJQvu95sw+nFNzbkhW2fUV6CGqAYvRihdRXtupdG8MjaYUKV2TDFyxKnyWQSUcJzH221R/wSkK6qVQeGSilF/YPR5j77kpR51PIw9taSzgwOiDVr81O+JfYFXRPt5LVutB3qIxJ1jDcZLMS3uTs17FGXmg77uL4JV/Xa3EBdCJirLksng2yoa1tCvFwdi1SLhXNcLo/elW8F2n4sqMOY3VoATV71nnFGBJRO80fj+MSyBSEpBu226rKR3UfhirwuyT4qO2lX9/fLkI6qWW5PGm9gDmM7+Z67fEhnZzLaIO38EjH5WB62CBTk/c+yiOzMZuh8+I4a0s/pFNscHzzT6OEAAQCjZ2aMAB9fZ2r4hHjvth4ZrGkoNJwi+c4LOW1urHjuLu4ihHr4jY5fiOFmtn2zGnGS45VNP	54.213.128.72
hxxp://optpro.info/get/?q=7O1/ZDlaKrj5q52LFHXo/w+8uBxKS4XjFLW/kzi/Hb1y8RRSX6n994gTFDQKtx2u+Sm+IxNIuxiVy2c9qKmuBasmLqbNHH4sjs7EvnzKNlEmkB7anNMOKH24TBEa1o5hQsWg6pf9oUp2mW9Qpu6+RPuD0MR+QabjkfiiMDuwJjYjaCVxZJ1xI/09Y9u1mXo0/s2cgYI6bfVIC2bwtbny4X+qT4YobxnZKrcja5OAr5r61FVqRQgmTEnRW9+RufqtMUJTtc2QWzHYQEzdlMorZ3g38ulTZ+Q4VoKWL90KVWHqIU5qrCSSFmfZsfu9B0xOsJLLlaF9Opi7tDvulJ0KZZpMsQ7SnUsfx5HdIQ8vK1WvFr+PghWxeS3e7c9uGPdsA8hCcQb+9+SqDem80Fc0u7/yo6GcqslHmt1aS0F+MmVLo/23j44bKOm+96uDewQ2zR0/i5XsLA7xgiOVw6iS5TrkTFneaAlH+fP0cBX7tbdWMOVsKiQVFyDzQz+TOYlQ2AoxXsCt5VnzCfSZETyHYfGr+bw2td33Y7MqHuHq75DVQAwJC9zr2/7V1zXQNvLhyShluiSA913wYYFmxIWCGpr+xs4jteogZtNkeUxGNLF0WBdN9WhfDQhGIO5oI5D0+EjQxvcrDdKGkLJIa7De6N01	54.213.128.72
hxxp://optpro.info/get/?q=igNsrbhbzgj0nrJ345pqfjXN9MUiesK1OEDK1Xh4yRC+mAZsu/PqPKs6TaULuRmDsj0FwCaSKGpfMvDx7mwXHkfLrP7YdKBjNNk2VQq0JGQA8nlMC+pemxjfB1wRoSwbKrNhaFEcfvi0vNU4JjNe0JWH3/fo8gQc/IfE7ZizqPhnzvgBWUhHyXyEDDr26eOFz6wEg/mOmolrUHh6JxLMYC/tOxJTyEYCMtN3wduougv5wxz7kpSc3iboD8McngaMz0GOJZB7z0ZPn/u5oCPEOrTurHc5d5zXXN7TQlkbZCPmbjx3U2Iv1xRqZcP0uUFKez6iiZM3yifDgMlSuRoNjsKFhJgZogiJ9DdZvOzzQgvR39/LSOqGcFaBM2jAq63+u1Rac4CZ+MEbU4ZIRBDPgTnVDWScuUQuZknaXN3ZnTOGi4cdkCQANCFESiRb2U8TrjDHaCpt+3sBh6m31H9pvIsHDCcpyoED2udiD+dsD3D9TnWGg05cTmtHkH8l1xY/xO3Vw1KK2crqG7rOnHaq6PgB1T4hDwtQJfavXloRnPjWIVRHqfBzKqNM2tRMdZPOzCz0giS7DC8VD8KxaDWH5Y8nilQPCe1cEBT5/toDpXxixg16SVAWtQgLimgO+xJI7whGcDt0QpRR7uXjjnoOnH67	54.213.128.72
hxxp://bi.secure-download.net/t/op?sid=111001356-US-042&dt=1427911922&gid=680D0313-C42D-479D-9D65-8F97560BD7EB&tz=2&ln=1&lc=0&bis=0&bief=0&biefx=0&bif=0&os=102&f=2119242855	107.6.170.117
hxxp://dl.softservers.net/171001356/LiveSupport.exe	184.154.145.171
hxxp://edition.cnn.com/	23.235.43.73
optpro-reporting.com	54.213.128.72
optprorep.info	54.213.128.72

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET USER_AGENTS Suspicious Win32 User Agent
ET TROJAN W32/SpeedingUpMyPC.Rootkit CnC Beacon
ET TROJAN W32/SpeedingUpMyPC.Rootkit Install CnC Beacon
ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected
ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile

Traffic

GET /171001356/LiveSupport.exe HTTP/1.0

Host: dl.softservers.net

User-Agent: InnoTools_Downloader

HTTP/1.1 200 OK

Server: nginx/1.6.0

Date: Wed, 01 Apr 2015 15:12:19 GMT

Content-Type: application/octet-stream

Content-Length: 1503056

Last-Modified: Wed, 01 Apr 2015 15:12:19 GMT

Connection: close

ETag: "551c0ad3-16ef50"

Content-Disposition: attachment; filename=LiveSupport.exe
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$...................
..............3.......................2.....................Rich......
......................PE..L....((S.................(...........g......
.@....@.......................... ............@.......................
..............P.......p...............P...............................
.............q..@[email protected]....'
.......(.................. ..`[email protected]...,..............@..@
[email protected].....................
......@[email protected]...'.......([email protected]....................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U.........l.A.3..E.V.u.W.}
.h..........j.P..;...........Qj.j.j(j...8AA.....j.........#.PWVh.AA.j.
..<AA.3... ..._^...M.3...;....].U...U....@$R.U.R.U.R..]............
AA..:C.......U..V.....AA..$C...E..t.V..:.......^]............U..QV..j.
.M..:[email protected]..^..].......U..QVW..j..M...0...G...t....s.H
.G..w........M.#...0.._..^..].......AA...........U..QW.9..t;j..M.../..
.G...t....s.H.G.V.w......M...../..#.t.....j.....^_..].................
.....................U...E....u..y..r....E..U....]....y..r....M.P.
<<< skipped >>>

HEAD / HTTP/1.1

Host: edition.cnn.com

Connection: close

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)

HTTP/1.1 200 OK

x-servedByHost: prd-10-60-168-53.nodes.56m.dmtio.net

Cache-Control: max-age=3600

X-XSS-Protection: 1; mode=block

Content-Security-Policy: default-src 'self' hXXp://*.cnn.com:* hXXps://*.cnn.com:* *.cnn.net:* *.turner.com:* *.ugdturner.com:* *.vgtf.net:*; script-src 'unsafe-inline' 'unsafe-eval' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' *; media-src 'self' *; font-src 'self' *; connect-src 'self' *;

Content-Type: text/html; charset=utf-8

Via: 1.1 varnish

Content-Length: 217304

Accept-Ranges: bytes

Date: Wed, 01 Apr 2015 15:11:55 GMT

Via: 1.1 varnish

Age: 150

Connection: close

X-Served-By: cache-iad2124-IAD, cache-ams4125-AMS

X-Cache: HIT, HIT

X-Cache-Hits: 2, 21

X-Timer: S1427901115.021199,VS0,VE0

Vary: Accept-Encoding

GET /t/op?sid=111001356-US-042&dt=1427911922&gid=680D0313-C42D-479D-9D65-8F97560BD7EB&tz=2&ln=1&lc=0&bis=0&bief=0&biefx=0&bif=0&os=102&f=2119242855 HTTP/1.1

Host: bi.secure-download.net

Accept: text/html, */*

User-Agent: Mozilla/3.0 (compatible; Indy Library)

HTTP/1.1 200 OK

Server: nginx/1.6.0

Date: Wed, 01 Apr 2015 15:12:18 GMT

Content-Type: application/octet-stream

Content-Length: 0

Connection: keep-alive

content-type: text/html

The Application connects to the servers at the folowing location(s):

.text

`.data

.rsrc

msvcrt.dll

KERNEL32.dll

NTDLL.DLL

GDI32.dll

USER32.dll

IMAGEHLP.dll

rundll32.pdb

.....eZXnnnnnnnnnnnn3

....eDXnnnnnnnnnnnn3

...eDXnnnnnnnnnnnn,

.eDXnnnnnnnnnnnn,

%Xnnnnnnnnnnnnnnn1

O3$dS7"%U9

.manifest

5.1.2600.5512 (xpsp.080413-2105)

RUNDLL.EXE

Windows

Operating System

5.1.2600.5512

YThere is not enough memory to run the file %s.

Please close other windows and try again.

9The file %s or one of its components could not be opened.

0The file %s or one of its components cannot run.

MThe file %s or one of its components requires a different version of Windows.

UThe file %s or one of its components cannot run in standard or enhanced mode Windows.3Another instance of the file %s is already running./An exception occurred while trying to run "%s"

Error in %s

Missing entry:%s

Error loading %s

OptProStart.exe_1200:

.idata

.rdata

P.reloc

P.rsrc

kernel32.dll

Windows

MSWHEEL_ROLLMSG

MSH_WHEELSUPPORT_MSG

MSH_SCROLL_LINES_MSG

$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)

oleaut32.dll

EVariantBadIndexError

ssShift

htKeyword

EInvalidOperation

u%CNu

%s[%d]

%s_%d

EInvalidGraphicOperation

USER32.DLL

comctl32.dll

uxtheme.dll

!"#$%d

IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")

JumpID("","%s")

TKeyEvent

TKeyPressEvent

HelpKeyworddRA

crSQLWait

%s (%s)

imm32.dll

AutoHotkeys\

AutoHotkeys

ssHotTrack

TWindowState

poProportional

TWMKey

KeyPreviewP

WindowState

OnKeyDown

OnKeyPress

OnKeyUp

tagMSG

System\CurrentControlSet\Control\Keyboard Layouts\%.8x

vcltest3.dll

User32.dll

getservbyport

WSAAsyncGetServByPort

WSAJoinLeaf

WS2_32.DLL

127.0.0.1

TIdSocketListWindows

TIdStackWindowsU

IdStackWindows

%s, %.2d %s %.4d %s %s

%s, %d %s %d %s %s

password

Password

IdHTTPHeaderInfo

ProxyPassword<

ProxyPort

Mozilla/3.0 (compatible; Indy Library)

ftpTransfer

ftpReady

ftpAborted

ClientPortMin<

ClientPortMax

Port

EIdCanNotBindPortInRange

EIdInvalidPortRangeSVW

libeay32.dll

ssleay32.dll

SSL_CTX_use_PrivateKey_file

SSL_CTX_use_certificate_file

SSL_get_peer_certificate

SSL_CTX_set_default_passwd_cb

SSL_CTX_set_default_passwd_cb_userdata

SSL_CTX_check_private_key

X509_STORE_CTX_get_current_cert

des_set_key

saUsernamePassword

Password<

0.0.0.1

TIdTCPConnection

IdTCPConnection

EIdTCPConnectionError

sslvrfFailIfNoPeerCert

TPasswordEvent

Certificate

RootCertFile

CertFile

KeyFile

OnGetPassword@<F

EIdOSSLLoadingRootCertError

EIdOSSLLoadingCertError

EIdOSSLLoadingKeyError

TIdTCPClient

TIdTCPClientXdF

IdTCPClient

BoundPort

PortU

Uh.qF

CommentURL

TIdHTTPMethod

IdHTTP

TIdHTTPOption

TIdHTTPOptions

TIdHTTPProtocolVersion

TIdHTTPOnHeadersAvailable

TIdHTTPOnRedirectEvent

TIdHTTPResponse

TIdHTTPResponse8

TIdHTTPRequest

TIdHTTPProtocol

TIdCustomHTTP

TIdHTTP

TIdHTTP4

HTTPOptions

Porth

EIdHTTPProtocolException

HTTPS

https

This request method is supported in HTTP 1.1

HTTP/1.0 200 OK

HTTP/

OnActionExecuteX

%s, ClassID: %s

ole32.dll

driverpro.exe

Driver Pro\DriverPro.exe

hXXp://VVV.pcutilitiespro.com

UninstallURL

AdsDownloadURL

HomePageURL

SupportURL

BuyNowURL

AdsBuyNowURL

WelcomeURL

BannerURL

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

?456789:;<=

!"#$%&'()* ,-./0123

user32.dll

GetKeyboardType

advapi32.dll

RegOpenKeyExA

RegCloseKey

RegFlushKey

RegCreateKeyExA

GetCPInfo

version.dll

gdi32.dll

SetViewportOrgEx

UnhookWindowsHookEx

SetWindowsHookExA

MsgWaitForMultipleObjects

MapVirtualKeyA

LoadKeyboardLayoutA

GetKeyboardState

GetKeyboardLayoutList

GetKeyboardLayout

GetKeyState

GetKeyNameTextA

EnumWindows

EnumThreadWindows

ActivateKeyboardLayout

shell32.dll

ShellExecuteA

wininet.dll

6!606@6`6

5!5%5)5-515

> >$>(>,>0>4>8><>@>\>|>

0#0'0 0/03070;0

= >$>(>,>0>4>

3 3$3(3,30343

9%9u9

5 5$5(5,5:5

8"9&9*92989

2 2$2(2,20242

5"5&5*5.52565:5

2"292\2?3

=#='= =/=3=7=;=?=

KWindows

UrlMon

0IdHTTPHeaderInfo

 IdTCPServer

IdTCPStream

Font.Charset

Font.Color

Font.Height

Font.Name

Font.Style

Icon.Data

Could not load certificate.#Could not load key, check password.

SSL status: "%s"

OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters

Command not supported.

Address type not supported.$Error accepting connection with SSL.

Error creating SSL context. Could not load root certificate.

Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.

Request rejected or failed.5Request rejected because SOCKS server cannot connect.QRequest rejected because the client program and identd report different user-ids.

Protocol not supported.

Socket type not supported."Operation not supported on socket.

Protocol family not supported.0Address family not supported by protocol family.

Chunk StartedDThis authentication method is already registered with class name %s.

%s is not a valid service.

Socket Error # %d

%s is not a valid IP address.

Operation would block.

Operation now in progress.

Operation already in progress.

Socket operation on non-socket.

No data to read.$Can not bind in port range (%d - %d)

Invalid Port Range (%d - %d)

Max line length exceeded.*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)

Resolving hostname %s.

Connecting to %s.

No help keyword specified.

Connection Closed Gracefully.;Could not bind socket. Address and port are already in use.4Failed attempting to retrieve time zone information.

File "%s" not found1Only one TIdAntiFreeze can exist per application."%d: Circular links are not allowed

No help found for %s#No context-sensitive help installed$No topic-based help system installed

Alt  Clipboard does not support Icons/Menu '%s' is already being used by another form

Unsupported clipboard format

Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window

List count out of bounds (%d)

List index out of bounds (%d) Out of memory while expanding memory stream

Error reading %s%s%s: %s

Failed to get data for '%s'

Failed to set data for '%s'

Resource %s not found

%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group

Property %s does not exist

Thread creation error: %s

Thread Error: %s (%d)

*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread

Class %s not found

A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates

Cannot create file "%s". %s

Cannot open file "%s". %s

Invalid stream format$''%s'' is not a valid component name

Invalid data type for '%s' List capacity out of bounds (%d)

Ancestor for '%s' not found

Cannot assign a %s to a %s

Interface not supported

%s (%s, line %d)

Abstract Error?Access violation at address %p in module '%s'. %s of address %p

System Error. Code: %d.

Invalid variant operation%Invalid variant operation (%s%.8x)

%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)

Operation not supported

External exception %x

Invalid pointer operation

Invalid class typecast0Access violation at address %p. %s of address %p

Privileged instruction(Exception %s in module %s at %p.

Application Error1Format '%s' invalid or incompatible with argument

No argument for format '%s'"Variant method calls not supported

!'%s' is not a valid integer value

I/O error %d

Integer overflow Invalid floating point operation

3.2.0.0

LiveSupport.exe_1016:

.text

`.rdata

@.data

.rsrc

@.reloc

8%u:j

xSSSh

FTPjKS

FtPj;S

C.PjRV

RegOpenKeyTransactedW

RegCreateKeyTransactedW

RegDeleteKeyTransactedW

FRegDeleteKeyExW

Visual C   CRT: Not enough memory to complete call to strerror.

portuguese-brazilian

Broken pipe

Inappropriate I/O control operation

Operation not permitted

operator

GetProcessWindowStation

RPCRT4.dll

InternetOpenUrlW

HttpQueryInfoW

WININET.dll

GdiplusShutdown

gdiplus.dll

SHLWAPI.dll

VERSION.dll

GetProcessHeap

KERNEL32.dll

USER32.dll

RegOpenKeyExW

RegCreateKeyExW

RegDeleteKeyW

RegCloseKey

RegQueryInfoKeyW

RegEnumKeyExW

RegFlushKey

ADVAPI32.dll

ole32.dll

ShellExecuteW

ShellExecuteExW

SHELL32.dll

OLEAUT32.dll

COMCTL32.dll

GDI32.dll

GetCPInfo

.?AV?$CFlagStateDlg@VCSupportContainerDlg@@@@

.?AV?$CDialogImpl@VCSupportContainerDlg@@VCWindow@ATL@@@ATL@@

.?AVCCmdLineOptions@@

.?AVCHttpHelper@@

.?AVCSupportContainerDlg@@

.?AVIHttpObserver@@

zcÁ

%c:^"

`%c:*

a).Wc@

50!`A.egu

%SDDB

A.eu~

.Ny_>`_

vF%D@D

.bm' O

L:.KeBf

.Hj(^

-.uwl

f%s$o

V.LGm

.Dt!n\

 K.eOpmd

RI.lvy

.ZKl/ Z,

\iTXtXML:com.adobe.xmp

" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134342, 2010/01/10-18:06:43 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:D55BB01090EFE211ACDE8560C64C7E45" xmpMM:DocumentID="xmp.did:EA5144FCF05511E2B7E798039BD56FBF" xmpMM:InstanceID="xmp.iid:EA5144FBF05511E2B7E798039BD56FBF" xmp:CreatorTool="Adobe Photoshop CS5"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:D55BB01090EFE211ACDE8560C64C7E45" stRef:documentID="xmp.did:D55BB01090EFE211ACDE8560C64C7E45"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>

iTXtXML:com.adobe.xmp

" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134342, 2010/01/10-18:06:43 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5" xmpMM:InstanceID="xmp.iid:ABDDC127FAB511E2AF40EC6881A4C2FD" xmpMM:DocumentID="xmp.did:ABDDC128FAB511E2AF40EC6881A4C2FD"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:ABDDC125FAB511E2AF40EC6881A4C2FD" stRef:documentID="xmp.did:ABDDC126FAB511E2AF40EC6881A4C2FD"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>

" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134342, 2010/01/10-18:06:43 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:B65DA3C4FDF9E211A6FF95665BD7D125" xmpMM:DocumentID="xmp.did:12D33543FAB411E282A6DA328A34807F" xmpMM:InstanceID="xmp.iid:12D33542FAB411E282A6DA328A34807F" xmp:CreatorTool="Adobe Photoshop CS5"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:B65DA3C4FDF9E211A6FF95665BD7D125" stRef:documentID="xmp.did:B65DA3C4FDF9E211A6FF95665BD7D125"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>>

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">

<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>

<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>

<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>

6f6C6T6b6s6

: :$:(:,:0:4:8:

4 4$4(4,404|:

:(:4:<:\:

2 2<2@2`2

3 3@3\3`3

(0@0`0|0

Advapi32.dll

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

cmdonly

LiveSupport_MainDlg

LiveSupport

Software\Microsoft\Windows\CurrentVersion\Run

unins000.exe

_log.txt

AdsLicenseKey

AdsRunKey

CallbannerUrl

Cmd params:

24x7 Tech Support

Live Support

UrlTerms

UrlPrivacy

UrlAbout

UrlFAQ

Uninstall LiveSupport

New update package is available for LiveSupport.

Support

AdsDownloadUrl

hXXp://VVV.pcutilitiespro.com/terms-and-conditions.aspx

hXXp://VVV.pcutilitiespro.com/privacy.aspx

hXXp://VVV.pcutilitiespro.com/livesupport.aspx

hXXp://VVV.pcutilitiespro.com/faq.aspx

SoftUpdateUrl

hXXp://updates.livesupport.pcutilitiespro.com

Software\LiveSupport

Display icon on all windows

@_update.exe

/LiveSupport_setup_%ver%.exe

Call us now for instant Technical Support and Assistance for PC issues such as network, printer, software installation and much more

Certified Trained Technicians

LiveSupport-

mscoree.dll

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

nKERNEL32.DLL

WUSER32.DLL

%Program Files%\LiveSupport\LiveSupport.exe

"GENERAL_CALL","24x7 Tech Support",

"MDLG_MAIN_PAGE","< Support","< Startseite"

"MDLG_TSKBAR_TOOLTIP","Click here for instant access to technical support from the %APP_BRAND%","Klicken Sie hier f

r sofortigen Zugriff auf technischen Support von der %APP_BRAND%"

"SPDLG_TITLE_2","Support","-Support"

"SPDLG_TITLE_3","Your Certified PC Expert","Certified geschulte Techniker"

r den sofortigen technischen Support und Unterst

"SPDLG_TABTITLE","Support","Support"

"SCDLG_NETERROR","Error occurred while downloading %UPSELL_BRAND%. ","Internet Fehler beim Herunterladen% UPSELL_BRAND%."

"FDLG_LINK_UNINSTALL","Uninstall LiveSupport","Deinstallieren Live Support"

<a>Uninstall LiveSupport</a>

1234567

Replace%Select the entire document

Arrange Icons/Arrange windows so they overlap

Cascade Windows5Arrange windows as non-overlapping tiles

Tile Windows5Arrange windows as non-overlapping tiles

Tile Windows(Split the active window into panes

1.2.8.0

LiveSupport.exe

Remove it with Ad-Aware

1. Click (here) to download and install Ad-Aware Free Antivirus.
2. Update the definition files.
3. Run a full scan of your computer.

Manual removal*

1. Terminate malicious process(es) (How to End a Process With the Task Manager):
   

   optsetup.exe:1672
   LiveSupport_setup.tmp:1244
   LiveSupport.exe:2016
   %original file name%.exe:456
   optsetup.tmp:1952
   rundll32.exe:1068
   rundll32.exe:244
   LiveSupport_setup.exe:424
   regsvr32.exe:1096
   regsvr32.exe:1148

2. Delete the original Application file.
   
3. Delete or disinfect the following files created/modified by the Application:
   

   %Documents and Settings%\%current user%\Local Settings\Temp\is-OFCQS.tmp\optsetup.tmp (7386 bytes)
   %Program Files%\LiveSupport\is-KRQL5.tmp (34256 bytes)
   %Program Files%\LiveSupport\unins000.msg (646 bytes)
   %Program Files%\LiveSupport\is-495FH.tmp (673 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is-8QFJR.tmp\_isetup\_shfoldr.dll (23 bytes)
   %Program Files%\LiveSupport\unins000.dat (8096 bytes)
   %Documents and Settings%\All Users\Start Menu\Programs\LiveSupport\LiveSupport.lnk (1 bytes)
   %Documents and Settings%\All Users\Start Menu\Programs\LiveSupport\Uninstall LiveSupport.lnk (751 bytes)
   %Documents and Settings%\%current user%\Desktop\LiveSupport.lnk (1 bytes)
   %Program Files%\LiveSupport\is-JI8C1.tmp (7385 bytes)
   %Program Files%\LiveSupport\is-9MPNB.tmp (1281 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\adsology[1].htm (3 bytes)
   %Documents and Settings%\%current user%\Application Data\LiveSupport.exe_log.txt (1237 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\LiveSupport_setup.exe (134522 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\optsetup.exe (779886 bytes)
   %Documents and Settings%\%current user%\NTUSER.DAT.LOG (4496 bytes)
   %Program Files%\Optimizer Pro 3.64\is-OPOMD.tmp (2321 bytes)
   %Program Files%\Optimizer Pro 3.64\is-HBCKN.tmp (898 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is-4P4AB.tmp (4 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is-4P4AB.tmp\optpro2.bmp (673 bytes)
   %Program Files%\Optimizer Pro 3.64\is-ASKFG.tmp (673 bytes)
   %Documents and Settings%\All Users\Start Menu\Programs\Optimizer Pro v3.2\Uninstall Optimizer Pro.lnk (792 bytes)
   %Program Files%\Optimizer Pro 3.64\is-MCD97.tmp (6841 bytes)
   %Program Files%\Optimizer Pro 3.64\is-BD7PH.tmp (54 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is-4P4AB.tmp\OptProHelper.dll (7971 bytes)
   %Program Files%\Optimizer Pro 3.64\OptProMon.dll (134720 bytes)
   %Program Files%\Optimizer Pro 3.64\is-UARNJ.tmp (712 bytes)
   %Program Files%\Optimizer Pro 3.64\unins000.msg (646 bytes)
   %Program Files%\Optimizer Pro 3.64\is-3TM9M.tmp (32054 bytes)
   %Program Files%\Optimizer Pro 3.64\is-S055N.tmp (48 bytes)
   %Program Files%\Optimizer Pro 3.64\is-JP7KI.tmp (2321 bytes)
   %Program Files%\Optimizer Pro 3.64\is-7AN6K.tmp (25426 bytes)
   %Documents and Settings%\All Users\Start Menu\Programs\Optimizer Pro v3.2\Help.lnk (786 bytes)
   %Program Files%\Optimizer Pro 3.64\is-6D8E0.tmp (601 bytes)
   %Program Files%\Optimizer Pro 3.64\is-F05ST.tmp (601 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is-4P4AB.tmp\LiveSupport.exe (11493 bytes)
   %Documents and Settings%\%current user%\Desktop\Optimizer Pro.lnk (774 bytes)
   %Program Files%\Optimizer Pro 3.64\is-5H5HI.tmp (1281 bytes)
   %Program Files%\Optimizer Pro 3.64\is-OTMS2.tmp (7971 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is-4P4AB.tmp\OptProMon.dll (15506 bytes)
   %Program Files%\Optimizer Pro 3.64\is-3L76Q.tmp (56 bytes)
   %Program Files%\Optimizer Pro 3.64\is-13O54.tmp (22 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is-4P4AB.tmp\_isetup\_shfoldr.dll (23 bytes)
   %Program Files%\Optimizer Pro 3.64\is-UR8JF.tmp (3073 bytes)
   %Documents and Settings%\All Users\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro on the Web.lnk (766 bytes)
   %Program Files%\Optimizer Pro 3.64\is-A36OH.tmp (4545 bytes)
   %Program Files%\Optimizer Pro 3.64\is-337Q7.tmp (20 bytes)
   %Program Files%\Optimizer Pro 3.64\unins000.dat (28681 bytes)
   %Program Files%\Optimizer Pro 3.64\is-RPM1T.tmp (65 bytes)
   %Documents and Settings%\All Users\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro.lnk (786 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is-4P4AB.tmp\itdownload.dll (1281 bytes)
   %Documents and Settings%\All Users\Start Menu\Programs\Optimizer Pro v3.2\Check updates.lnk (814 bytes)
   %Program Files%\Optimizer Pro 3.64\is-GRJO9.tmp (6841 bytes)
   %Program Files%\Optimizer Pro 3.64\is-28A1F.tmp (3361 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\is-DNAB4.tmp\LiveSupport_setup.tmp (7386 bytes)
   %Documents and Settings%\%current user%\Application Data\regsvr32.exe_log.txt (133 bytes)

4. Delete the following value(s) in the autorun key (How to Work with System Registry):
   

   [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   "LiveSupport" = "%Program Files%\LiveSupport\LiveSupport.exe /noshow /log"
   
   [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   "Optimizer Pro" = "%Program Files%\Optimizer Pro 3.64\OptProLauncher.exe"

5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
   
6. Reboot the computer.
   

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.